Hi Maik,

you should generally deny access to /cgi-bin/WebObjects or whatever your WebObjectsAlias setting is set to:

<Location /cgi-bin/WebObjects>
    Order Deny,Allow
    Deny from all
</Location>

Then in your specific site config you allow the specific app. E.g. for aaa.com:

<Location /cgi-bin/WebObjects/AAA.woa>
    Allow from all
</Location>

So now you can only access AAA.woa on aaa.com and no other apps.

jw

On 07.12.2012 at 15:04, Maik Musall <[email protected]> wrote:

> Hi List,
>
> I don't know if everybody is aware of that, but in a setup with two WO
> applications A and B, reachable through domains aaa.com and bbb.com, but
> sharing one Apache Adaptor in front of them, you can generally reach
> application B through aaa.com if you append the .woa path of application B to
> it.
>
> What measures do you have in place to prevent that, if any?
>
> Maik

_______________________________________________
Webobjects-dev mailing list ([email protected])
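
The layout described in the reply, put together for both sites as an added example (not configuration posted in the thread). The VirtualHost wrappers, the port and the name BBB.woa for application B are assumptions; the closing comments list the Apache 2.4 directives that replace the 2.2 ones used in the thread.

```apache
# Server-wide, outside any VirtualHost: deny the whole adaptor path.
# /cgi-bin/WebObjects is the WebObjectsAlias value used in the thread.
<Location /cgi-bin/WebObjects>
    Order Deny,Allow
    Deny from all
</Location>

# Sections inside a VirtualHost are applied after the server-wide ones,
# so each site re-opens only its own application.
<VirtualHost *:80>
    ServerName aaa.com
    <Location /cgi-bin/WebObjects/AAA.woa>
        Allow from all
    </Location>
</VirtualHost>

<VirtualHost *:80>
    ServerName bbb.com
    # BBB.woa is an assumed name for application B.
    <Location /cgi-bin/WebObjects/BBB.woa>
        Allow from all
    </Location>
</VirtualHost>

# Apache 2.4 (mod_authz_core) equivalents:
#   Order Deny,Allow + Deny from all  ->  Require all denied
#   Allow from all                    ->  Require all granted
```

To check the result after a reload, a request for /cgi-bin/WebObjects/BBB.woa sent to aaa.com should come back 403, while /cgi-bin/WebObjects/AAA.woa on the same host is still served.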
